[PATCH 3/3] test/security: add unittest for inline ingress oop

Tue, 11 Apr 2023 03:08:59 -0700 

Add unittest for inline ingress out-of-place processing.

Signed-off-by: Nithin Dabilpuram <ndabilpu...@marvell.com>
---
 app/test/test_cryptodev_security_ipsec.c |  8 +++
 app/test/test_cryptodev_security_ipsec.h |  1 +
 app/test/test_security_inline_proto.c    | 85 ++++++++++++++++++++++++
 3 files changed, 94 insertions(+)

diff --git a/app/test/test_cryptodev_security_ipsec.c 
b/app/test/test_cryptodev_security_ipsec.c
index 7a8688c692..be9e246bfe 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -213,6 +213,14 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform 
*ipsec_xform,
                }
        }
 
+       if (ipsec_xform->options.ingress_oop == 1 &&
+           sec_cap->ipsec.options.ingress_oop == 0) {
+               if (!silent)
+                       RTE_LOG(INFO, USER1,
+                               "Inline Ingress OOP processing is not 
supported\n");
+               return -ENOTSUP;
+       }
+
        return 0;
 }
 
diff --git a/app/test/test_cryptodev_security_ipsec.h 
b/app/test/test_cryptodev_security_ipsec.h
index 92e641ba0b..5606ec056d 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -110,6 +110,7 @@ struct ipsec_test_flags {
        bool ah;
        uint32_t plaintext_len;
        int nb_segs_in_mbuf;
+       bool inb_oop;
 };
 
 struct crypto_param {
diff --git a/app/test/test_security_inline_proto.c 
b/app/test/test_security_inline_proto.c
index 79858e559f..80bcdfc701 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -735,6 +735,51 @@ get_and_verify_incomplete_frags(struct rte_mbuf *mbuf,
        return ret;
 }
 
+static int
+verify_inbound_oop(struct ipsec_test_data *td,
+                  bool silent, struct rte_mbuf *mbuf)
+{
+       int ret = TEST_SUCCESS, rc;
+       struct rte_mbuf *orig;
+       uint32_t len;
+       void *data;
+
+       orig = *rte_security_oop_dynfield(mbuf);
+       if (!orig) {
+               if (!silent)
+                       printf("\nUnable to get orig buffer OOP session");
+               return TEST_FAILED;
+       }
+
+       /* Skip Ethernet header comparison */
+       rte_pktmbuf_adj(orig, RTE_ETHER_HDR_LEN);
+
+       len = td->input_text.len;
+       if (orig->pkt_len != len) {
+               if (!silent)
+                       printf("\nOriginal packet length mismatch, expected %u, 
got %u ",
+                              len, orig->pkt_len);
+               ret = TEST_FAILED;
+       }
+
+       data = rte_pktmbuf_mtod(orig, void *);
+       rc = memcmp(data, td->input_text.data, len);
+       if (rc) {
+               ret = TEST_FAILED;
+               if (silent)
+                       goto exit;
+
+               printf("TestCase %s line %d: %s\n", __func__, __LINE__,
+                      "output text not as expected\n");
+
+               rte_hexdump(stdout, "expected", td->input_text.data, len);
+               rte_hexdump(stdout, "actual", data, len);
+       }
+exit:
+       rte_pktmbuf_free(orig);
+       return ret;
+}
+
 static int
 test_ipsec_with_reassembly(struct reassembly_vector *vector,
                const struct ipsec_test_flags *flags)
@@ -1115,6 +1160,12 @@ test_ipsec_inline_proto_process(struct ipsec_test_data 
*td,
        if (ret)
                return ret;
 
+       if (flags->inb_oop && rte_security_oop_dynfield_offset < 0) {
+               printf("\nDynamic field not available for inline inbound OOP");
+               ret = TEST_FAILED;
+               goto out;
+       }
+
        if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
                ret = create_default_flow(port_id);
                if (ret)
@@ -1206,6 +1257,15 @@ test_ipsec_inline_proto_process(struct ipsec_test_data 
*td,
                        goto out;
                }
 
+               if (flags->inb_oop) {
+                       ret = verify_inbound_oop(td, silent, rx_pkts_burst[i]);
+                       if (ret != TEST_SUCCESS) {
+                               for ( ; i < nb_rx; i++)
+                                       rte_pktmbuf_free(rx_pkts_burst[i]);
+                               goto out;
+                       }
+               }
+
                rte_pktmbuf_free(rx_pkts_burst[i]);
                rx_pkts_burst[i] = NULL;
        }
@@ -1994,6 +2054,26 @@ test_ipsec_inline_proto_known_vec_inb(const void 
*test_data)
        return test_ipsec_inline_proto_process(&td_inb, NULL, 1, false, &flags);
 }
 
+static int
+test_ipsec_inline_proto_oop_inb(const void *test_data)
+{
+       const struct ipsec_test_data *td = test_data;
+       struct ipsec_test_flags flags;
+       struct ipsec_test_data td_inb;
+
+       memset(&flags, 0, sizeof(flags));
+       flags.inb_oop = true;
+
+       if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+               test_ipsec_td_in_from_out(td, &td_inb);
+       else
+               memcpy(&td_inb, td, sizeof(td_inb));
+
+       td_inb.ipsec_xform.options.ingress_oop = true;
+
+       return test_ipsec_inline_proto_process(&td_inb, NULL, 1, false, &flags);
+}
+
 static int
 test_ipsec_inline_proto_display_list(const void *data __rte_unused)
 {
@@ -3086,6 +3166,11 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
                        "IPv4 Reassembly with burst of 4 fragments",
                        ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
                        test_inline_ip_reassembly, &ipv4_4frag_burst_vector),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound Out-Of-Place processing",
+                       ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+                       test_ipsec_inline_proto_oop_inb,
+                       &pkt_aes_128_gcm),
 
                TEST_CASES_END() /**< NULL terminate unit test array */
        },
-- 
2.25.1

Reply via email to